Install and Administer Active Directory

Question 1

What does the term “Same Sign-On” mean with respect to the Windows Azure Active Directory Sync Tool?

Answer 1

Users that have their passwords synchronized to Windows Azure AD will be able to use the same username and password to log into their Azure AD services as well as their on-premises resources.

Question 2

Why does Microsoft recommend that you create a new Group Policy Object (GPO) for AppLocker in environments where both Software Restriction Policies and AppLocker are in place?

Answer 2

If you upgrade a computer that uses Software Restriction Policies to Windows Server 2012 R2 or Windows 8.1, and then implement AppLocker rules, only the AppLocker rules will be enforced.

Question 3

Which PowerShell cmdlet modifies properties of OU?

Answer 3

Set-ADOrganizationalUnit

Question 4

Which type of Windows servers responds to forest-wide Lightweight Directory Access Protocol (LDAP) queries over port 3268?

Answer 4

the global catalog server

Question 5

What comprises the membership list of a local group?

Answer 5

• Users and computers from any trusted domain
• Global groups from any trusted domain
• Universal groups from any trusted domain

Question 6

What must an Enterprise Administrator do in Active Directory Users and Computers before moving a newly created child OU to a different parent OU?

Answer 6

On the properties of the child OU, under the Object tab, clear the Protect object from accidental deletion checkbox.

Question 7

Which user right gives a user permissions to change the time and date on the internal clock of the computer?

Answer 7

the Change the system time local policy

Question 8

What comprises the membership list of a global group?

Answer 8

• Users and computers from the same domain as the global group
• Global groups from the same domain

Question 9

Which PowerShell cmdlet deletes user accounts?

Answer 9

Remove-ADUser

Question 10

When creating a template user account, why should you set the Account is Disabled property on the account?

Answer 10

So no one can use it to log in.

Question 11

Which edition of a Windows Server 2012 based operating system should be the source of the media that you use to create additional domain controllers running Windows Server 2012 R2 Datacenter edition with the install from media (IFM) method?

Answer 11

Windows Server 2012 R2 Datacenter edition

Question 12

How would you grant a group of users the authority to reset user’s passwords for the OUs located in the domain?

Answer 12

On the OU, use the Delegation of Control Wizard to delegate the Reset user passwords and force password change at next logon task to the group.

Question 13

Which command can be used to join a computer to a domain without contacting a domain controller?

Answer 13

djoin.exe

Question 14

Which operations master role is responsible for assigning Security Identifiers (SIDs) to objects such as users and groups?

Answer 14

RID Master

Question 15

Which operations master role is responsible for updating references from local objects to objects in other domains?

Answer 15

infrastructure master

Question 16

To create installation media for a full (writable) domain controller, what command must you run on a writable domain controller that is running Windows Server 2012 R2?

Answer 16

the ntdsutil ifm command

Question 17

In Active Directory Users and Computers, how do you display the Security and Object tab in the properties of an OU?

Answer 17

You need to click View and then Advanced Features in Active Directory Users and Computers before clicking on the properties of the OU

Question 18

Which utility synchronizes user passwords from your on-premises Active Directory to Azure Active Directory, letting users access Microsoft Cloud Services with the same password that they use to access on-premises resources?

Answer 18

Windows Azure Active Directory Sync Tool

Question 19

Which user right allows a user to add workstations to the domain?

Answer 19

the Add workstations to domain local policy

Question 20

Which type of domain controller contains a partial, read-only replica of every domain in the forest other than its own domain?

Answer 20

global catalog server

Question 21

Which command can be used to redirect newly created computer accounts from the default container named CN=Computers to a specified container?

Answer 21

the redircmp command

Question 22

How many domain controllers can have the domain naming master role?

Answer 22

only one domain controller per forest

Question 23

How many domain controllers can have the schema master role?

Answer 23

only one domain controller per forest

Question 24

What type of group can include users from any domain within a forest, and can be assigned permissions for in any domain in the forest?

Answer 24

A universal group

Question 25

What feature in a Group Policy policies allow you to control the membership of sensitive groups through Active Directory rather than through traditional group membership editing tools, such as Active Directory Users and Computers or PowerShell?

Answer 25

Restricted Groups

Question 26

What is the difference between “Same Sign-On” and “Single Sign-On”?

Answer 26

“Single Sign-On” is used with ADFS and allows user to access resources without being prompted for credentials if they are logged in to the AD network.. “Same Sign-On” prompts users for credentials even if they are logged in to the AD network.

Question 27

Why can you not use distribution groups to assign permissions explicitly or implicitly through membership in other groups for resources?

Answer 27

Unlike security groups, distribution groups are not security principals

Question 28

What type of AppLocker rule would you use to control an application from the Windows store?

Answer 28

a packaged app rule

Question 29

How many domain controllers can have the PDC emulator role?

Answer 29

only one domain controller per domain

Question 30

Which installation method can reduce the replication traffic that is initiated during the installation of an additional domain controller in an Active Directory domain?

Answer 30

the install from media (IFM) method

Question 31

Which user right gives a user permissions to back up files and folders on a computer, but not restore them?

Answer 31

the Back up files and directories local policy

Question 32

Which file on a domain controller contains all resource records for the Active Directory domain controller, including its SRV records?

Answer 32

Netlogon.dns in the %systemroot%\System32\Config folder

Question 33

How can you ensure that Alice and John are members of the Backup Operators group on every computer in domain?

Answer 33

Configure Backup Operators as a restricted group in a GPO at the domain level with Alice and John as members

Question 34

Which service should you restart to re-register all SRV records for a domain controller?

Answer 34

the NetLogon service

Question 35

Which user feature protects the computer from the unauthorized installation of any software?

Answer 35

User Account Control (UAC)

Question 36

Which command can be used to redirect newly created users from the default container named CN=Users to a specified container?

Answer 36

the redirusr command